GDPR Consultancy Service

The General Data Protection Regulations (GDPR) applies from 25 May 2018, bringing significant changes in the way businesses collect, process, utilise and manage personal data.

Our consultancy service offers a practical approach in working with you towards understanding the scope and depth of the GDPR and how it applies to your business, resulting in a structured plan of support.

The support programme required will be developed to meet the needs of your business which will be identified during a scoping meeting. The structure of support can include:

GAP Analysis

Understand where you are against the current Data Protection Act (DPA) and where you need to be in order to be compliant against the new General Data Protection Regulation (GDPR). The GAP Analysis helps determine your start point, critical actions, timeframes and responsibilities.

Data Discovery

Helps you understand your obligation and supports you in the doing when it comes to discovering where all your data is, and what kind of data you have.

Data Mapping

We work with you to MAP Data flows that involve personally identifiable Information (PII). This captures your legal basis to process data, where it has come from, what you are doing with it, who accesses it, where it resides, what data it is, is it excessive, where is it stored, which country is it stored, how do you ensure you retain it accordingly, delete accordingly and understand consent obligations.

Risk Assessment

We work with you to risk assess any high risk data flows that are identified as part of the data mapping exercise. This would include a review of infrastructure, mapped data and processing. This also includes putting a plan in place for when, not if, you are breached.

Documentation

As part of this service, we can support you in understanding what policies and procedures need to be in place and help create and manage those.

Training

We can also support you on training staff and clients as needed to ensure they understand their obligations and rights.

Support

Ongoing Data Protection Officer (DPO) support or general GDPR support as required.